注入JQuery跨域
[英]Injecting JQuery Cross-Domain
问题描述
Is it safe to inject JQuery's script using JsonP? 
使用JsonP注入JQuery脚本是否安全?
The installation of my web application is - adding a script to a customer's website (like google analytics). 我的网络应用程序的安装是-将脚本添加到客户的网站(例如Google Analytics(分析))。 I was thinking of using JQuery on the customer's website, as part of my own injected script. 我当时想在客户的网站上使用JQuery,作为我自己注入的脚本的一部分。
I was wondering, if there is some kind of risk? 我想知道是否存在某种风险? The application needs to support any kind of website. 该应用程序需要支持任何类型的网站。
Thank you Yaron 谢谢亚伦
3 个解决方案
解决方案1
4 已采纳 2010-01-08 02:19:56
Its hard to tell what you are doing with your library, but it seems you are building some type of widget for use on multiple sites. 很难说出您对库的处理方式,但是似乎您正在构建某种类型的小部件以在多个站点上使用。
From here down has been updated after an enlightening comment from @K Prime caused me research exactly how you could include two copies of jQuery if needed: @K Prime的启发性评论使我进行了精确的研究,以便在需要时包括两个jQuery副本,从这里开始进行更新:
It is generally bad to use jQuery if you are building a widget that will live on a site outside your control, and will be added to the site with a "copy this embed code and paste onto your site" type of functionality. 它通常是坏的使用jQuery,如果你正在建设一个小工具,将生活在你的控制之外的网站,将被添加到该网站有“复制此嵌入代码并粘贴到您的网站”类型的功能。 (Of course jQuery widgets and plugins abound, but these are normally chosen and installed/implemented by developers not a generic "copy-n-paste" widget type implementation) (当然,jQuery小部件和插件比比皆是,但是通常由开发人员选择和安装/实现,而不是由通用的“ copy-n-paste”小部件类型实现)
Probably the biggest reason (after realizing you can run two copies of jQuery on the same page) is the file size increase. 可能的最大原因(意识到您可以在同一页面上运行jQuery的两个副本之后)是文件大小增加。 Whether it is warranted will depend on your particular needs and function. 是否保证将取决于您的特定需求和功能。 Simple small widget = straight JS. 简单的小部件=直JS。 Complex website front-end extension, then it probably is worth the file-size increase. 复杂的网站前端扩展,那么可能值得增加文件大小。
To include it properly (so you don't run into conflicts on their site) follow a workflow that looks something like this: 要正确地包含它(这样您就不会在他们的网站上发生冲突)请遵循以下工作流程:
- Dynamically add jQuery to their page using the Google APIs as mentioned on the other answers here. 如此处其他答案所述,使用Google API将jQuery动态添加到其页面中。
- Run
var mywidget_jQuery = $.noConflict( true );运行var mywidget_jQuery = $.noConflict( true );which will restore the original meaning of$and restore the original meaning ofwindow.jQuery.这将恢复$的原始含义并恢复window.jQuery的原始含义。 - Dynamically add your script file, but be sure to wrap the entire thing in a self executing anonymous function like this: 动态添加脚本文件,但请确保将整个内容包装在这样的自执行匿名函数中:
JS JS
(function($){
... Your code here ...
})(mywidget_jQuery);
Now, you can safely use $ inside your special function and all the jQuery features you want without issue. 现在,您可以安全地在特殊功能和所有想要的jQuery功能中使用$而不会出现问题。
Extra credit You could wrap steps 1 and 2 in an if statement that tests if window.jQuery is defined and if it, test if jQuery.fn.version is high enough to run your code. 额外的功劳您可以将步骤1和2包裹在if语句中,该语句测试是否定义了window.jQuery ,如果测试了它,则测试jQuery.fn.version是否足够高以运行您的代码。 If either test fails, then run steps 1 and 2. If it passes, however, then just run var mywidget_jQuery = window.jQuery so the script you include in step 3 will still run. 如果任何一个测试失败,则运行步骤1和2。但是,如果通过,则只需运行var mywidget_jQuery = window.jQuery这样您在步骤3中包含的脚本仍将运行。
解决方案2
2 2010-01-08 02:01:24
You can add jQuery to a website by simply adding a <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3/jquery.js" /> element. 您可以通过简单地添加<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3/jquery.js" />元素来将jQuery添加到网站。
However, make sure to call jQuery.noConflict() in case they use a different $ keyword. 但是,如果它们使用不同的$关键字,请确保调用jQuery.noConflict() 。
解决方案3
0 2010-01-08 02:00:22
如果您只是在参考库,为什么不直接链接到Google Code上托管的API?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.